package com.xly.shiro;

import java.util.ArrayList;
import java.util.List;

import org.apache.shiro.SecurityUtils;
import org.apache.shiro.authc.AuthenticationException;
import org.apache.shiro.authc.AuthenticationInfo;
import org.apache.shiro.authc.AuthenticationToken;
import org.apache.shiro.authc.IncorrectCredentialsException;
import org.apache.shiro.authc.SimpleAuthenticationInfo;
import org.apache.shiro.authc.UnknownAccountException;
import org.apache.shiro.authc.UsernamePasswordToken;
import org.apache.shiro.authz.AuthorizationInfo;
import org.apache.shiro.authz.SimpleAuthorizationInfo;
import org.apache.shiro.realm.AuthorizingRealm;
import org.apache.shiro.session.InvalidSessionException;
import org.apache.shiro.session.Session;
import org.apache.shiro.subject.PrincipalCollection;
import org.apache.shiro.subject.Subject;
import org.apache.shiro.util.ByteSource;
import org.springframework.beans.factory.annotation.Autowired;
import org.springframework.context.ApplicationContext;
import org.springframework.context.support.ClassPathXmlApplicationContext;
import org.springframework.stereotype.Component;
import org.springframework.stereotype.Controller;
import org.springframework.stereotype.Service;

import com.xly.entity.UserInfo;
import com.xly.service.UserInfoService;

@Component
public class MyRealm extends AuthorizingRealm{
	
	@Autowired
	private UserInfoService userInfoService;
	
	@Override
	//为当前登录的Subject授予角色和权限
	protected AuthorizationInfo doGetAuthorizationInfo(PrincipalCollection principals) {
		System.out.println("shiro Authorization");
		SimpleAuthorizationInfo info=new SimpleAuthorizationInfo();
		//共享token中的Subject主体，获取当前用户的用户名
		String username= (String) principals.getPrimaryPrincipal();
		//通过当前用户名，查询数据库中的角色信息
		List<String> roleList = userInfoService.selectRolesByName(username);
		//批量角色添加
		info.addRoles(roleList);
		return info;
	}

	@Override
	//验证当前登录的Subject
	protected AuthenticationInfo doGetAuthenticationInfo(AuthenticationToken token) throws AuthenticationException {
		System.out.println("shiro check");
		//得到用户名
		String username = (String)token.getPrincipal();
		//得到密码
		String password = new String((char[])token.getCredentials());
		//原始数据库账号密码验证 ? 报错
		UserInfo user = userInfoService.selectUser(username,password);
		if(user != null) {
    		AuthenticationInfo authcInfo = new SimpleAuthenticationInfo(username,user.getPassword(), this.getName());
    		//存入用户信息
    		Session session = getSession();
    		session.setAttribute("user", user);
    		//记录用户昵称
    		return authcInfo;
		}
    	return null;
        
	}
	
	//定义shiro获取session的方法
	private Session getSession(){  
       try{  
           Subject subject = SecurityUtils.getSubject();  
           Session session = subject.getSession(false);  
            if (session == null){  
                session = subject.getSession();  
            }  
            if (session != null){  
                return session;  
            }  
        }catch (InvalidSessionException e){  
              e.printStackTrace();
        }  
        return null;  
    }

}
